+theblazingangel MVC Share Posted May 9, 2007 why why why can't microsoft get simple things right :angry: they just released critical security update KB931768, a new cumulative update to internet explorer. apparently this update is supposed to replace KB928090, however THIS IS WRONG!!! i just did a file comparison of KB931768 with KB928090 for the following copies of the patch: - windows 2000 IE6 - windows XP x86 IE6 - windows XP x86 IE7 - windows server 2003 x86 IE6 - windows server 2003 x86 IE7 yes, KB931768 does replace the IE6 copies of KB928090 but does not replace the IE7 copies!!! according to the security bulletin (http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx) the IE7 copies mentioned above should contain an updated copy of corpol.dll, version 7.0.6000.16441, however they do not!!! if they did then they actually really would replace KB928090 (which contains corpol.dll version 7.0.6000.16414) but they don't!!! i've see loads of cockups before with file details data in KB articles and even in Microsoft SECURITY Bulletins! but infact here i'm guessing that it's not the data thats wrong, it's actually the patch, i actually believe they forgot to include one of the updated files!!! the thing that really gets me though is that i have absolutely no way of talking to microsoft without paying to access a support help line. i wish they would assign our project or even neowin itself a damn contact who we can talk to about important issues like this. or perhaps they could just get simple things like including all the files and listing the correct details, right in the first place. /end rant Link to post Share on other sites
glutton4sw Share Posted May 9, 2007 oook...is it just Corpol.dll thats not ver. 7.0.6000.16441 ? looking at the security bulletin those files are dated 6 or 7-Mar-2007..so the corpol.dll is still same version and date as in the Feb IE7 cumulative update? if you're sure its missing an update have you tracked which one it is? now vista is out the door theres gonna be more pain to come for w2k/xp users im sure :laugh: /end agony aunt Link to post Share on other sites
prandal Share Posted May 12, 2007 why why why can't microsoft get simple things right :angry: according to the security bulletin (http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx) the IE7 copies mentioned above should contain an updated copy of corpol.dll, version 7.0.6000.16441, however they do not!!! if they did then they actually really would replace KB928090 (which contains corpol.dll version 7.0.6000.16414) but they don't!!! Someone's mentioned this (and other discrepancies in May's updates) over at http://blogs.msdn.com/ie/archive/2007/05/0...w.aspx#comments Link to post Share on other sites
glutton4sw Share Posted May 12, 2007 quote from above link: Thursday, May 10, 2007 12:52 AMI am comparing the files installed by KB931768 on Win XP SP2 and what is listed on the page listed above and a number of files mismatch (ieapfltr.dat, ieapfltr.dll and ieudinit.exe), but one file, corpol.dll, listed as included in the patch wasn't actually in it. It was in the prior cumulative update so it seems like it should be in the update. Is the file manifest wrong or was this accidentally left out? Also the KB933668 patch for the Office 2007 Compatibility Pack lists that it installs Xl12cnv.exe. I could not find that file, but I did find excelcnv.exe which contains the same exact size, date, time and version number. I also found an updated Wordconv.exe and Wordconv.dll not listed on the web page. Link to post Share on other sites
+theblazingangel Author MVC Share Posted May 12, 2007 good to know they might be learning of the problem. i had forgotten all about microsofts blogs, it's a good way to communicate with them! Link to post Share on other sites
prandal Share Posted May 13, 2007 good to know they might be learning of the problem. i had forgotten all about microsofts blogs, it's a good way to communicate with them! I also dropped a line to the handlers over at http://isc.sans.org, citing this forum topic and crediting you, theblazingangel. The big question on my mind is what happens if you take IE 7 RTM and apply this month's cumulative update only? Link to post Share on other sites
tao muon Share Posted May 13, 2007 So this one time, I had a flute, and it was out of tune. I complained and got a new flute. But then it was realized the new flute was wrong too so we were sent new valves. Now, if I happened to have another old flute that was out of tune like the first and only asked for the new valves instead of the first upgrade plus the new valves, would I complain that I didn't get a whole new flute like the first? But, I agree that it's dumb that an upgrade to an upgrade doesn't include the first upgrade's fixes too. Link to post Share on other sites
+theblazingangel Author MVC Share Posted May 13, 2007 @prandal, awesome, thanks :) Link to post Share on other sites
JustGeorge Share Posted May 13, 2007 Sorry to jack the thread, but can someone explain whats with IE7 and the cumulative updates? I thought after 7 was released, there would be an end to the obligatory 7meg + IE security download each month? I'm on DSL, so its not a big deal, but it gets old @ work where the connection is slower. Link to post Share on other sites
Recommended Posts